Crain
Director of IT Security
Crain, Detroit, Michigan, United States, 48228
Description
Crain Communications is seeking an experienced and hands-on Director of IT Security to lead and shape our cybersecurity and infrastructure strategy. Reporting to the VP of Technology and Product, this new role will be integral to ensuring the security and operational excellence of our corporate infrastructure and supporting the diverse needs of our global operations.
The ideal candidate will have a proven track record in senior leadership roles (Director/VP-level) and expertise in both on-premises infrastructure and modern SaaS/cloud environments. In addition to technical acumen, you must excel in educating staff, implementing robust security systems and processes, and mitigating social engineering threats across a growing organization of 600+ employees.
This role is based in Detroit, Michigan, with a hybrid work arrangement. Remote opportunities are available for the right candidate, but some regular travel will be required.
Key Responsibilities:
Strategic Leadership: Develop and execute a comprehensive IT security strategy covering on-premises, SaaS, and cloud environments. Collaborate with executive leadership and department heads to align security goals with business objectives. Stay ahead of emerging threats, trends, and technologies to continuously enhance Crain's security posture. Operational Excellence:
Oversee and manage all aspects of IT security for corporate systems and global infrastructures across North America, Europe, and Asia. Lead the evaluation, selection, and implementation of security tools, managed services, and infrastructure upgrades. Provide technical guidance on integrating security best practices across IT operations and development teams. Cybersecurity and Awareness:
Implement advanced defenses against social engineering attacks, including phishing and smishing. Conduct regular security training and awareness programs for staff across the organization. Promote a risk aware culture through regular communication and education initiatives. Develop and enforce security policies, procedures, and compliance standards. Risk Management:
Monitor, assess, and address vulnerabilities across IT systems, personal computers, applications, and networks. Lead incident response efforts and manage recovery processes in case of breaches or threats. Ensure compliance with relevant regulations, including data protection and privacy standards. Conduct regular risk assessments and evaluation of technology and cybersecurity risks and provide/implement mitigation. Ensure timely escalation of critical risks and incidents Oversee the incident response process and ensure effective management of cyber incidents. Conduct post-incident reviews and recommend improvements to prevent future occurrences. Coordinate with external auditors for technology and cybersecurity risk audits, including PCI and HIPAA compliance. Qualifications:
7+ years of experience in IT security roles, with at least 3 years in Director/VP-level positions. Hands-on expertise in managing on-premises hardware, SaaS applications, and cloud infrastructures (e.g., AWS, Azure, Microsoft inTune or Google Cloud). Deep understanding of cybersecurity frameworks, such as NIST, CIS Controls, or ISO 27001. Proven experience in designing and implementing systems to prevent social engineering threats. Exceptional leadership, communication, and organizational skills. Relevant certifications such as CISSP, CISM, or CEH are highly desirable. Knowledge of data privacy laws and regulations. This position is exempt under the Fair Labor Standards Act and is not eligible for overtime pay.
Pay Transparency Disclosure:
The estimated base salary range for this position is $200,000 to $220,000.
The final salary offering will take into account a wide range of factors, including experience, accomplishments and location. The salary range provided should not be considered as a salary limit or cap. In addition to base salary, Crain also offers competitive benefits including retirement plan savings contributions and bonus opportunities based on individual and company performance.
#LI-KL1
#LI-Hybrid
#IT
#director
#full-time
About Crain Communications:
Crain Communications is a leading business news and information company with a portfolio of 24 media brands that provide indispensable coverage and data for professionals globally and across sectors, including advertising, automotive, finance, healthcare, staffing, and workforce solutions. Many of Crain's brands are the most influential media properties in the industries and communities they serve, including Ad Age, Automotive News, Pensions & Investments, Modern Healthcare, Staffing Industry Analysts, as well as Crain's regional business brands. For more than a century, our dedication to deep sector expertise and journalistic integrity has enabled us to provide trusted insights across all our platforms, empowering today's business leaders to make industry-shaping decisions. To learn more about Crain Communications, visit crain.com.
Environmental Demands
Where you work matters. The job posting will provide specific information on where and when your amazing work would be performed. Employee work location is determined by the needs of the specific team and may include on-site, hybrid or remote. Employee work location is subject to change.
An "in-office" role would require the employee to come into the office most days with occasional flexibility to work remotely if tasks can be performed elsewhere and if the manager approves. A "remote" role would allow an employee to work from a home office that is in one of the states Crain does business in. We can only employ a remote / "work from home" employee if they reside in one of these states: AZ, CA, CO, FL, GA, IL, MD, MA, MI, MN, NV, NY, NC, OH, OR, TN, TX, VA, WA, WI, and Washington, DC. A "hybrid" role would be a mix of in-office and remote work. There may be a specified schedule for coming into the office or it could be at the discretion of the employee with the manager's approval, subject to change. Employees who live within a reasonable commute distance from a Crain office are expected to work on-site 3 days per week.
Many positions will also include work done in "the field." Depending on the role, this may include conducting in-person interviews, attending work-related events, meeting with sources or clients. Specifics will be noted in the job posting but are subject to change as a role evolves. Employees may be exposed to adverse environmental conditions, specifically during field work. Other typical job functions are performed under conditions such as those found in general office work.
Travel to cover news stories/events, meetings with clients, and to our geographically separated offices may be required. It is the nature of many positions to experience non-standard working hours and be on-call when needed for responding to email, meeting with clients, attending work-related events, story development or breaking news. Most employees perform work Monday through Friday, although early-morning, evening or weekend shifts may be required. Work schedule and travel requirements are subject to change as a role and needs evolve over time.
Physical Demands The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of many Crain jobs and are subject to change.
Physical activities will include frequent in-person or virtual interactions. For most positions, it is essential to be able to remain at a desk/computer workstation for prolonged periods, perform computer-related tasks, and create/maintain documents within filing systems. Must have close visual acuity to perform an activity, such as preparing and analyzing reports and information, transcribing, viewing a computer terminal, or extensive reading. The typical physical requirements are light work-exerting up to 25lbs of force occasionally and/or up to 10lbs of force frequently and may include climbing, pushing, standing, hearing, walking, reaching, grasping, kneeling, stooping, and repetitive motion. Some positions will have additional physical requirements, including exerting up to 50lbs of force to move and/or carry equipment, supplies, files, or other materials as the role requires.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions and meet the environmental and physical demands of the role.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
Crain Communications is seeking an experienced and hands-on Director of IT Security to lead and shape our cybersecurity and infrastructure strategy. Reporting to the VP of Technology and Product, this new role will be integral to ensuring the security and operational excellence of our corporate infrastructure and supporting the diverse needs of our global operations.
The ideal candidate will have a proven track record in senior leadership roles (Director/VP-level) and expertise in both on-premises infrastructure and modern SaaS/cloud environments. In addition to technical acumen, you must excel in educating staff, implementing robust security systems and processes, and mitigating social engineering threats across a growing organization of 600+ employees.
This role is based in Detroit, Michigan, with a hybrid work arrangement. Remote opportunities are available for the right candidate, but some regular travel will be required.
Key Responsibilities:
Strategic Leadership: Develop and execute a comprehensive IT security strategy covering on-premises, SaaS, and cloud environments. Collaborate with executive leadership and department heads to align security goals with business objectives. Stay ahead of emerging threats, trends, and technologies to continuously enhance Crain's security posture. Operational Excellence:
Oversee and manage all aspects of IT security for corporate systems and global infrastructures across North America, Europe, and Asia. Lead the evaluation, selection, and implementation of security tools, managed services, and infrastructure upgrades. Provide technical guidance on integrating security best practices across IT operations and development teams. Cybersecurity and Awareness:
Implement advanced defenses against social engineering attacks, including phishing and smishing. Conduct regular security training and awareness programs for staff across the organization. Promote a risk aware culture through regular communication and education initiatives. Develop and enforce security policies, procedures, and compliance standards. Risk Management:
Monitor, assess, and address vulnerabilities across IT systems, personal computers, applications, and networks. Lead incident response efforts and manage recovery processes in case of breaches or threats. Ensure compliance with relevant regulations, including data protection and privacy standards. Conduct regular risk assessments and evaluation of technology and cybersecurity risks and provide/implement mitigation. Ensure timely escalation of critical risks and incidents Oversee the incident response process and ensure effective management of cyber incidents. Conduct post-incident reviews and recommend improvements to prevent future occurrences. Coordinate with external auditors for technology and cybersecurity risk audits, including PCI and HIPAA compliance. Qualifications:
7+ years of experience in IT security roles, with at least 3 years in Director/VP-level positions. Hands-on expertise in managing on-premises hardware, SaaS applications, and cloud infrastructures (e.g., AWS, Azure, Microsoft inTune or Google Cloud). Deep understanding of cybersecurity frameworks, such as NIST, CIS Controls, or ISO 27001. Proven experience in designing and implementing systems to prevent social engineering threats. Exceptional leadership, communication, and organizational skills. Relevant certifications such as CISSP, CISM, or CEH are highly desirable. Knowledge of data privacy laws and regulations. This position is exempt under the Fair Labor Standards Act and is not eligible for overtime pay.
Pay Transparency Disclosure:
The estimated base salary range for this position is $200,000 to $220,000.
The final salary offering will take into account a wide range of factors, including experience, accomplishments and location. The salary range provided should not be considered as a salary limit or cap. In addition to base salary, Crain also offers competitive benefits including retirement plan savings contributions and bonus opportunities based on individual and company performance.
#LI-KL1
#LI-Hybrid
#IT
#director
#full-time
About Crain Communications:
Crain Communications is a leading business news and information company with a portfolio of 24 media brands that provide indispensable coverage and data for professionals globally and across sectors, including advertising, automotive, finance, healthcare, staffing, and workforce solutions. Many of Crain's brands are the most influential media properties in the industries and communities they serve, including Ad Age, Automotive News, Pensions & Investments, Modern Healthcare, Staffing Industry Analysts, as well as Crain's regional business brands. For more than a century, our dedication to deep sector expertise and journalistic integrity has enabled us to provide trusted insights across all our platforms, empowering today's business leaders to make industry-shaping decisions. To learn more about Crain Communications, visit crain.com.
Environmental Demands
Where you work matters. The job posting will provide specific information on where and when your amazing work would be performed. Employee work location is determined by the needs of the specific team and may include on-site, hybrid or remote. Employee work location is subject to change.
An "in-office" role would require the employee to come into the office most days with occasional flexibility to work remotely if tasks can be performed elsewhere and if the manager approves. A "remote" role would allow an employee to work from a home office that is in one of the states Crain does business in. We can only employ a remote / "work from home" employee if they reside in one of these states: AZ, CA, CO, FL, GA, IL, MD, MA, MI, MN, NV, NY, NC, OH, OR, TN, TX, VA, WA, WI, and Washington, DC. A "hybrid" role would be a mix of in-office and remote work. There may be a specified schedule for coming into the office or it could be at the discretion of the employee with the manager's approval, subject to change. Employees who live within a reasonable commute distance from a Crain office are expected to work on-site 3 days per week.
Many positions will also include work done in "the field." Depending on the role, this may include conducting in-person interviews, attending work-related events, meeting with sources or clients. Specifics will be noted in the job posting but are subject to change as a role evolves. Employees may be exposed to adverse environmental conditions, specifically during field work. Other typical job functions are performed under conditions such as those found in general office work.
Travel to cover news stories/events, meetings with clients, and to our geographically separated offices may be required. It is the nature of many positions to experience non-standard working hours and be on-call when needed for responding to email, meeting with clients, attending work-related events, story development or breaking news. Most employees perform work Monday through Friday, although early-morning, evening or weekend shifts may be required. Work schedule and travel requirements are subject to change as a role and needs evolve over time.
Physical Demands The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of many Crain jobs and are subject to change.
Physical activities will include frequent in-person or virtual interactions. For most positions, it is essential to be able to remain at a desk/computer workstation for prolonged periods, perform computer-related tasks, and create/maintain documents within filing systems. Must have close visual acuity to perform an activity, such as preparing and analyzing reports and information, transcribing, viewing a computer terminal, or extensive reading. The typical physical requirements are light work-exerting up to 25lbs of force occasionally and/or up to 10lbs of force frequently and may include climbing, pushing, standing, hearing, walking, reaching, grasping, kneeling, stooping, and repetitive motion. Some positions will have additional physical requirements, including exerting up to 50lbs of force to move and/or carry equipment, supplies, files, or other materials as the role requires.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions and meet the environmental and physical demands of the role.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)